Hi,

I've got a lab with a domain controller and an Hyper-v with on it two multi-role exchange 2013 CU7 servers on W2K12 R2 OS, configured in DAG semplified (but the problem is the same also if I use the classical DAG configuration), a witness server, and a L7 load balancer for the exchange servers.

When I made the test to disable the OWA application pool where I've got the active mailbox database of the user, the balancer in correct manner redirect the session to the other exchange multi-role server, but the client in  his OWA session is no more able to send new mail with the error "Error your request can't be completed rigt now. Please try again later."

The only strange log that I see on the server in the MAPI client access directory where there is the following error message:

2015-01-21T08:00:45.132Z,956,1,/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt,,Microsoft.Exchange.RpcClientAccess.Monitoring.dll,15.0.0.0,Cached,,,,MapiHttp,Client=Microsoft.Exchange.RpcClientAccess.Monitoring,R:4ab7b6c8-54ee-4be3-aa9d-f8c856c4c47c:2,C:MAPIAAAAAOC4+7OCoZOjkqeKuoumlKSEtYO5ibyGs4bc/879z/vD9sX1zP28AwAAAAAAAA==|S:0-mGmHRQ==,OwnerLogon,0x6BB (rpc::Exception),00:00:00.0310000,"Logon: Owner, /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt in database  last mounted on Exch2.lab.net",RpcEndPoint: [ServerTooBusyException] Client is being backed off -> [ClientBackoffException] Mailbox was moved to a different mailbox server. A client needs to retry. -> [IllegalCrossServerConnectionException] Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1247f28558d24d4db872ab127b3e5810-Healt. -> [MapiExceptionIllegalCrossServerConnection] Monitoring mailbox [] with application ID [Client=MSExchangeRPC] is not allowed to make cross-server calls from [Exch1.lab.net] to [Exch2.lab.net] [diag::AAAOAAAA/wAAAAAAAAAAAgAAAAA=],,,HealthMailbox7021deb6ae104dadbf52feedfa7fa68b@lab.net,

The CAS try to access the mailbox on the other server, but without success.

Someone have idea how to solve?

Thanks

Hi,

Based on my research, the error message you got is is expected.

LAM OWA deeptest probes target both active and passive databases. We do this because the state of DB is dynamic and only targetting actives will make us coverage on servers that don't have any actives. When a logon is attempted via passive DB store throws MapiExceptionIllegalCrossServerConnection which we handle in the probe code and consider as success. Anything other than this exception is considered as a failure.

We can safely ignore these events with MapiExceptionIllegalCrossServerConnection in a DAG environment.

You said that you disabled the OWA application pool where you have got the active mailbox database, in this case, the other server has only passive database copy, you will get this error when user try to log on via passive DB.

If you want to test DAG failover, you can just dismont the active database to check if failover will wok.

Best regards,

Hi, in my lab I've got only one Active Directory site. and the servers all both in the same site under the same AD.

Hi Belinda,

in my LAB I'm trying to replicate the scenario where I've got a L7 balancer in front of the 2 CAS\MBX server configured with the DAG so the DB is replicated between the two servers.

In my case, when I stop only the OWA application pool on the server where is active the DB of the user, the balancer is able to know that that OWA L7 application on this server is down, so in the correct manner send the session of the existing user and of the new users to the other CAS\MBX server where I've got a the passive copy of the DB, but in this situation (as when the OWA app is working) in normal working the second CAS\MBX must routing the session to the MBX where is active the DB and for the client perspective must be no service distruption.

Infact when ohe OWA application pool is working on both servers, the balancer if I use round robin algorithm, send the client requests to both the CAS server, but only on one of them I've got the active DB, and in this situation the CAS where I've got the passive DB correctly route the session to the other server and this respond in the correct manner.

So this confirm that the CAS\MBX server of the DAG that host the passive DB is able to route the session to the CAS\MBX server where is the active DB.

I've seen a demo where in effect must work in this manner, but I'm not able to found in my lab where may be the problem.

Thanks

I Think that the error that ide the problem where is is the following:

 [MapiExceptionIllegalCrossServerConnection] Monitoring mailbox [] with application ID [Client=MSExchangeRPC] is not allowed to make cross-server calls from [Exch1.lab.net] to [Exch2.lab.net] 

Whi exch1 is not able to make the cross-server calls when his OWA application pool is down and when is now down is able to do?

Regards.

Sorry about that, for some reason I read that completely wrong and thought it said Cross site connection and not cross server connection.  doh!

Anyway, I did a little research and I found 2 issues (1 blog from someone who is an MCM and a Technet Thread) where they were experiencing the same issue.

http://www.expta.com/2014/05/fix-for-aspnet-40303190-3005-event.html

https://social.technet.microsoft.com/Forums/en-US/e2a7e131-d2bb-401d-a8f4-352eb6005bef/exchange-2013-cu2-aspnet-event-id-1309-mapiexceptionmailboxintransit-and?forum=exchangesvrgeneral

In both cases the fix was to Delete the Health Mailboxes and recycle the Exchange Health Service.

Hi Hinte,

thanks for your reply.

I've already seen the two solutions above, and I've already made the test to delete all the Exchange Health Mailboxes, but this test don't solve the problem and when I do again the test with the balancing and the Owa application down on the server that host the active mailbox, I've ot the same problem.

Probally a more deep debug specific is necessary in my case, but I don't know which of the several log to made verbose and look for.

Regards.

Weird...

What happens when you run the following command:

Get-Mailbox -Monitoring | ft name, servername

Do you see any errors? Do all the mailbox servers have health mailboxes?

Also, as another test, instead of disabling the OWA App Pool, can you try stopping the OWA Virtual Directory? 

Hi Hinte, sorry for the answer delay.

I've run the command you suggest to check the HealthMailbox status, but seems that all are fine:

[PS] C:\Windows\system32>get-Mailbox -Monitoring | ft name, servername

Name                                                        ServerName
----                                                        ----------
HealthMailbox7021deb6ae104dadbf52feedfa7fa68b               exch1
HealthMailboxb83c9040b32e4d1197f7f54f6709bb7f               exch1
HealthMailboxb1c32037890b43fbb2af2efe7c36ba00               exch1
HealthMailbox8d174269b494458daf9ade5099e22845               exch1
HealthMailboxaa7d10f02d2d4cc588243b291ead3e3a               exch1
HealthMailboxeb32c30a019f42968a7cbc49a6ac3e65               exch1
HealthMailboxc6ff1d36ba154c5db5411b44718edcbd               exch1
HealthMailbox75dc7caa7e8c4a3b812a01b607536d48               exch1
HealthMailbox16c86e512f454e7890b80c180ce19c00               exch1
HealthMailboxc6e447f7dba24d9b913f1dfcabe9f927               exch1
HealthMailbox40fa5a3f2abc4accae6286cd98abc90a               exch1
HealthMailbox2712b9544bad4e7b8b671be2cda8cfde               exch2
HealthMailboxe2559124da20499386bf8103dcb21e9b               exch2
HealthMailbox3264c6078dad45d4a78c56a3afe81df1               exch1
HealthMailboxacacc51eb8bc4717b295ddf0adccf77e               exch2
HealthMailbox64c4dd8cddac4c4e8bb7314010e797b1               exch1
HealthMailbox4a92bfa14fdd47fbb27c19513f6d2beb               exch2
HealthMailbox465d2a69de93430e84b4d699a88cb0c3               exch1
HealthMailbox97b578e57cd44204820fffa416b25633               exch2
HealthMailboxb411059771db4647bb775c665ec29440               exch1
HealthMailboxf981dde6f4134f839bf41eb0000434e4               exch2
HealthMailboxc33801c7c3b1474f8aa6065249bb4fca               exch1
HealthMailbox2282128ed8d14937998212edd15adf20               exch2
HealthMailboxe3d12b756cf545239b38be4607904ae1               exch2


[PS] C:\Windows\system32> 

Regarding the test sugested to diable instead the OWA App Pool only the OWA virtual directory, I've not found on IIS the possibility to stop the access to this virtual directory.

Also on exchnage Administration page there is no the possibility to switch off this virtual directory only (or I don't found where is this setting).

Regards

<blockquote>I've seen a demo where in effect must work in this manner, but I'm not able to found in my lab where may be the problem.</blockquote>

The demo you saw, what it Exchange 2010, and not Exchange 2013? I think this would work in Exchange 2010, but with the emphasis on multi role servers in Exchange 2013, it's expected that the client will be talking to the server with the mounted DB.

• Proposed as answer by Abram JacksonMicrosoft employee Wednesday, January 28, 2015 8:41 PM

H, I don't agree with you.

Must work in Exchange 2013 with multi-role servers.

Every CAS must "route" to the active mailbox database ...infact in normal situation, when I've got the OWA Application pool working, if I access from the CAS on another server where there is no the active DB, in correct manner this redirect me to the active DB on the other server.

You may see a demo at the following link of the demo that replicate this scenario(unfortunatly is in italian and not in english) http://vimeo.com/84421309

As you may see from the video above, works with 2 multi-role also when stop theowa appl. pool (instead in my case when I stop the Owa App pool I've got the error).

Hello AOit,

do u resolved it in some way, and what have u done to solve it?

Because I encountered the same problem with an Ex2013 DAG with the ECP

Thanks

Tommy